Security update for osc

Announcement ID:	SUSE-SU-2015:0487-1
Rating:	important
References:	bsc#901643
Cross-References:	CVE-2015-0778
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12

An update that solves one vulnerability can now be installed.

Description:

osc was updated to fix a security issue and some non-security bugs.

osc was updated to 0.151.0, fixing the following vulnerability: * fixed shell command injection via crafted _service files CVE-2015-0778 boo#901643

The following non-security bugs were fixed: * fix times when data comes from OBS backend * support updateing the link in target package for submit requests * various minor bugfixes

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-119=1

Package List:

• SUSE Linux Enterprise Software Development Kit 12 (noarch)
  • osc-0.151.0-8.1

References:

• https://www.suse.com/security/cve/CVE-2015-0778.html
• https://bugzilla.suse.com/show_bug.cgi?id=901643